[Pkg-gnupg-commit] [gnupg2] 69/112: gpg: Print the signer's UID during verification.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Aug 30 17:48:21 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit ed5c1b0b8a4790c4fb36a3129387f7c2ef5db302
Author: Werner Koch <wk at gnupg.org>
Date: Wed Aug 10 19:51:54 2016 +0200
gpg: Print the signer's UID during verification.
* g10/parse-packet.c (parse_signature): Sanitize the value stored in
SIGNERS_UID.
* g10/mainproc.c (issuer_fpr_string): New.
(check_sig_and_print): Print the signer's UID. Print the issuer
fingerprint in --rfc4880bis mode.
--
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/mainproc.c | 32 ++++++++++++++++++++++++++++++--
g10/packet.h | 3 ++-
g10/parse-packet.c | 5 +----
3 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/g10/mainproc.c b/g10/mainproc.c
index e50e212..3d3f88b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1552,6 +1552,21 @@ akl_has_wkd_method (void)
}
+/* Return the ISSUER fingerprint string in human readbale format if
+ * available. Caller must release the string. */
+static char *
+issuer_fpr_string (PKT_signature *sig)
+{
+ const byte *p;
+ size_t n;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
+ if (p && n == 21 && p[0] == 4)
+ return bin2hex (p+1, n-1, NULL);
+ return NULL;
+}
+
+
static void
print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
PKT_signature *sig, int rc)
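Review bot: The test `n == 21 && p[0] == 4` in issuer_fpr_string uses bare literals, and the header comment does not say that only version-4 fingerprints are accepted. Any other version or length returns NULL, as does an allocation failure in `bin2hex`, and the caller treats all of these like a missing subpacket and falls back to the key ID. I would state that in the comment, for example `/* Only v4 fingerprints (1 version octet + 20 octets) are handled; NULL is returned for anything else or on allocation failure. */`. The same comment has the typo "readbale".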
@@ -1589,6 +1604,7 @@ check_sig_and_print (CTX c, kbnode_t node)
int is_expkey = 0;
int is_revkey = 0;
char pkstrbuf[PUBKEY_STRING_SIZE];
+ char *issuer_fpr;
*pkstrbuf = 0;
@@ -1715,17 +1731,29 @@ check_sig_and_print (CTX c, kbnode_t node)
write_status_text (STATUS_NEWSIG, NULL);
astr = openpgp_pk_algo_name ( sig->pubkey_algo );
- if (keystrlen () > 8)
+ if (opt.flags.rfc4880bis && (issuer_fpr = issuer_fpr_string (sig)))
+ {
+ log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
+ log_info (_(" using %s key %s\n"),
+ astr? astr: "?", issuer_fpr);
+
+ xfree (issuer_fpr);
+ }
+ else if (!keystrlen () || keystrlen () > 8)
{
log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
log_info (_(" using %s key %s\n"),
astr? astr: "?", keystr(sig->keyid));
}
- else
+ else /* Legacy format. */
log_info (_("Signature made %s using %s key ID %s\n"),
asctimestamp(sig->timestamp), astr? astr: "?",
keystr(sig->keyid));
+ /* In verbose mode print the signers UID. */
+ if (sig->signers_uid)
+ log_info (_(" issuer \"%s\"\n"), sig->signers_uid);
+
rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
/* If the key isn't found, check for a preferred keyserver. */
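Review bot: The comment `/* In verbose mode print the signers UID. */` does not match the code, because the `if (sig->signers_uid)` test has no `opt.verbose` condition and the line is printed whenever the subpacket is present. Both this value and the `issuer_fpr` printed above are taken from the signature packet and are logged before `do_check_sig` runs, so at that point they are claims made by whoever produced the signature, not verified facts. Either gate the output as the comment says, `if (opt.verbose && sig->signers_uid)`, or reword the comment to `/* Print the signer's UID as claimed in the signature; not yet verified. */`. check_sig_and_print starts and ends outside the hunk.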
diff --git a/g10/packet.h b/g10/packet.h
index 08e2cb7..9c9e909 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -231,7 +231,8 @@ typedef struct
pka_info_t *pka_info; /* Malloced PKA data or NULL if not
available. See also flags.pka_tried. */
char *signers_uid; /* Malloced value of the SIGNERS_UID
- * subpacket. */
+ * subpacket or NULL. This string has
+ * already been sanitized. */
subpktarea_t *hashed; /* All subpackets with hashed data (v4 only). */
subpktarea_t *unhashed; /* Ditto for unhashed data. */
/* First 2 bytes of the digest. (Serialized. Note: this is not
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index ec8a641..9a733b5 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1936,15 +1936,12 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
if (p && len)
{
- sig->signers_uid = xtrymalloc (len+1);
+ sig->signers_uid = try_make_printable_string (p, len, 0);
if (!sig->signers_uid)
{
rc = gpg_error_from_syserror ();
goto leave;
}
- /* Note that we don't care about binary zeroes in the value. */
- memcpy (sig->signers_uid, p, len);
- sig->signers_uid[len] = 0;
}
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
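Review bot: After this change `sig->signers_uid` holds the escaped display form returned by `try_make_printable_string`, not the raw subpacket bytes, so it is safe to log but may differ from the user ID actually stored on a key. No visible line compares it against user IDs, but a later consumer could, and the removed note about binary zeroes is not replaced by anything at this site. I would add a comment above the call such as `/* Stored sanitized for display only; do not match it byte-wise against user IDs. */`. parse_signature continues outside the hunk.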
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git